Word Files Related to Diplomacy and National Defense Being Distributed
The ASEC analysis team has discovered the continuous distribution of malicious Word files with North Korea-related file names. The Word files contain malicious VBA macro code and are the same file type introduced in <Discovery of Continuous Distribution of North Korea-related Malicious Word Files>. The names of the distributed
New Malware of Lazarus Threat Actor Group Exploiting INITECH Process
The AhnLab ASEC analysis team has discovered that there are 47 companies and institutions—including defense companies—infected with the malware distributed by the Lazarus group in the first quarter of 2022. Considering the severity of the situation, the team has been monitoring the infection cases. In systems of the organizations infected
APT Attack Disguised as Resume Template for North Korean Defectors (VBS Script)
The ASEC analysis team has recently discovered that a malicious info-leaking VBS is being distributed via phishing email disguised as North Korea-related material. The email is about casting calls for a North Korea-related broadcast, and a compressed file is attached to it. It asks the readers to fill out the
APT Attacks Using Word File Disguised as Donation Receipts for Uljin Wildfire (Kimsuky)
At the beginning of March this year, a wildfire broke out in the Samcheok and Uljin area, and numerous people from all over Korea donated to help the victims and repair the damage. Amidst such a situation, the ASEC analysis team discovered the attacker’s attempt at launching APT attacks disguised
VBS Script Disguised as PDF File Being Distributed (Kimsuky)
On March 23rd, the ASEC analysis team discovered APT attacks launched by an attack group presumed to be Kimsuky, which targeted certain Korean companies. Upon running the script file with the VBS extension, the malware runs the innocuous PDF file that exists internally to trick the user into
APT Attack Using Word Files About Cryptocurrency (Kimsuky)
On March 21st, the ASEC analysis team discovered the Kimsuky group’s APT attacks that use Word files containing information about cryptocurrency. A total of three Word files used as bait for the attacks were discovered. The macro’s author and its execution flow are identical to that which
Word Document Attack Targeting Companies Specialized in Carbon Emissions
On March 18th, the ASEC analysis team discovered a document-borne APT attack targeting companies specialized in carbon emissions. According to logs collected from AhnLab’s ASD (AhnLab Smart Defense), the user of the infected PC appears to have downloaded a malicious Word document titled “**** Carbon Credit Institution.doc” through a web
APT Attack Being Distributed as Windows Help File (*.chm)
The ASEC analysis team has recently discovered the distribution of malware disguised as a Windows Help File (*.chm), specifically targeting Korean users. The CHM file is a compiled HTML Help file that is executed via the Microsoft® HTML help executable program. The recently discovered CHM file downloads additional malicious files
Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed
The ASEC analysis team has discovered the distribution of a malicious HWP file disguised as “Press Release of 20th Presidential Election Early Voting for Sailors” as the presidential election draws near. The attacker distributed the malicious HWP file on February 28th, and though the team could not get the file in the
APT Attack Attempts Disguised as North Korea Related Paper Requirements (Kimsuky)
The ASEC analysis team has recently discovered the distribution of malicious Word (DOC) files to graduate school professors that are disguised as North Korea-related paper requirements. The name of the Word file is shown below. The term ‘KIMA’ mentioned in the filename is the name of the monthly magazine specializing

